Privacy policy

Derniere mise a jour : February 9, 2026

1. Introduction

This privacy policy describes how TamTam Care SRL, a company incorporated under Belgian law (hereinafter “TamTam”, “we”, “our” or “us”), collects, uses, stores and protects your personal data when you use the TamTam mobile application and associated services (hereinafter the “Service”).

TamTam is an application designed for people aged 65 and over, enabling them to stay in touch with their family in a simple and secure way. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679) and applicable Belgian legislation.

Identity of the data controller

2. Data collected

We collect the following categories of personal data:

2.1 Identification and account data

  • First and last name: to identify your profile within the application.
  • Email address: for account creation, authentication and service communications.
  • Password: stored in hashed form (never in plain text) via Supabase Auth.
  • Profile photo (avatar): optional image to personalise your account.
  • Role: senior or caregiver/administrator, to adapt the interface.

2.2 Contact data

  • Contact list: names, phone numbers and email addresses of loved ones you add in the application.
  • Preferred communication channel: phone, SMS, email or application.
  • Contact category: family, friend, healthcare professional, etc.

2.3 Health data (informational only)

  • Medication reminders: medication name, dosage, intake times, notes.
  • Intake logs: history of medication intake confirmations.

Important: TamTam is not a medical device. Medication reminders are provided for purely informational purposes and do not constitute medical advice, a diagnosis or a prescription. Always consult your doctor or pharmacist for any questions regarding your treatment.

2.4 Communication data

  • Messages: text and voice messages exchanged within the application.
  • Calendar events: appointments, reminders and scheduled events.
  • Broadcast messages: messages sent to the entire family circle.

2.5 Location data

  • Geolocation (SOS only): your geographical position is collected exclusively when the SOS emergency function is activated, in order to transmit your location to your emergency contacts. This data is never collected in the background.

2.6 Technical data

  • Firebase Cloud Messaging (FCM) tokens: technical identifiers required for sending push notifications to your device.
  • Device information: device type, operating system and version, to ensure Service compatibility.
  • Session data: authentication tokens and login information.

2.7 Payment data

  • Subscription information: subscription type, subscription date and status, managed by RevenueCat and Stripe. We never store your bank card numbers.

We process your personal data on the following legal bases:

  • Consent (Art. 6.1.a GDPR): for the creation of your account, the collection of your profile photo and the sending of push notifications. You may withdraw your consent at any time.
  • Performance of a contract (Art. 6.1.b GDPR): to provide the Service to which you have subscribed, including the management of the Care Circle subscription, messaging, medication reminders and calendar.
  • Legitimate interest (Art. 6.1.f GDPR): to ensure the security of the Service, prevent abuse, improve our features and carry out anonymised statistical analyses. Our legitimate interest never overrides your fundamental rights.
  • Legal obligation (Art. 6.1.c GDPR): to comply with our accounting and tax obligations regarding payment transactions.

4. Purposes of processing

Your personal data is processed for the following purposes:

  • Providing, maintaining and improving the TamTam Service.
  • Creating and managing your user account.
  • Enabling communication between seniors and their family circle.
  • Sending medication reminders and calendar notifications.
  • Managing SOS emergency alerts and transmitting your location to designated contacts.
  • Processing Care Circle subscription payments.
  • Sending push notifications relating to the operation of the Service.
  • Ensuring security and preventing unauthorised access.
  • Responding to your support requests.
  • Complying with our legal and regulatory obligations.

5. Data recipients

Your personal data may be shared with the following recipients:

We never sell your personal data to third parties. We do not use any advertising network and do not share your data for third-party marketing purposes.

6. Data transfers outside the European Union

Some of our processors are established in the United States. These transfers are governed by the following mechanisms:

  • Google (Firebase): transfer governed by the EU-U.S. Data Privacy Framework (European Commission adequacy decision of 10 July 2023).
  • Stripe: transfer governed by the EU-U.S. Data Privacy Framework and the European Commission’s Standard Contractual Clauses (SCCs).
  • RevenueCat: transfer governed by the European Commission’s Standard Contractual Clauses (SCCs).

The main data (database, files) is hosted by Supabase in the European Union (AWS regions eu-west-1 Ireland and eu-central-1 Frankfurt).

7. Data retention period

We retain your personal data for the following periods:

  • Account data: retained as long as your account is active, then deleted within 30 days after account deletion.
  • Messages and communications: retained as long as your account is active. Deleted within 30 days following account deletion.
  • Medication reminders and intake logs: retained as long as your account is active. You may delete individual reminders at any time.
  • SOS location data: retained for a maximum of 72 hours after the alert, then automatically deleted.
  • Payment data: transaction information is retained for the legally required period (10 years under Belgian law for accounting obligations).
  • FCM tokens: deleted upon logout or account deletion.
  • Technical log data: retained for a maximum of 90 days.

8. Your rights

In accordance with the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): you may obtain a copy of all personal data we hold about you.
  • Right to rectification (Art. 16): you may request the correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): you may request the deletion of your personal data. Deleting your account results in the erasure of all your data within 30 days.
  • Right to data portability (Art. 20): you may receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Art. 21): you may object to the processing of your data based on our legitimate interest.
  • Right to restriction of processing (Art. 18): you may request the restriction of processing of your data in certain circumstances.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing carried out before such withdrawal.

To exercise any of these rights, contact us at contact@tamtamcare.com. We will respond to your request within 30 days.

9. Data Protection Officer

For any question regarding the protection of your personal data, you may contact our Data Protection Officer:

  • Email: contact@tamtamcare.com
  • Subject: please include “Data Protection” in the subject line of your message.

10. Supervisory authority

If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the competent supervisory authority:

11. Cookies and similar technologies

The TamTam mobile application does not use cookies. The web portal (tamtamcare.com) only uses cookies strictly necessary for the operation of the site:

  • Session cookies: necessary for authentication and maintaining your session. They expire when the browser is closed.

We do not use any tracking, behavioural analysis or advertising cookies. No third-party cookies are placed for marketing purposes.

12. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, modification, disclosure or destruction. These measures include:

  • Encryption in transit: all communications between the application and our servers are encrypted via TLS 1.2 or higher (HTTPS).
  • Encryption at rest: data stored in the database is encrypted at rest (AES-256).
  • Row-Level Security (RLS): each user can only access their own data through row-level security policies in the database.
  • Secure authentication: passwords hashed with bcrypt, time-limited authentication tokens.
  • Secure file storage: profile photos and multimedia files are stored in secure buckets with strict access policies.
  • Logging: data access is logged to detect any suspicious activity.

TamTam allows you to set up medication reminders. It is important to note that:

  • TamTam is not a medical device within the meaning of Regulation (EU) 2017/745.
  • Medication reminders are provided for purely informational purposes and serve as memory aids.
  • TamTam does not in any way replace the advice of a doctor, pharmacist or any other healthcare professional.
  • If in doubt about a treatment, always consult your treating physician or pharmacist.
  • TamTam does not guarantee the absolute reliability of reminders (notification delays, connectivity issues, etc.).

14. Minors

The TamTam Service is not intended for persons under the age of 18. We do not knowingly collect personal data from minors. If we discover that a minor has provided us with personal data without the consent of a parent or legal guardian, we will delete such data as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at contact@tamtamcare.com.

15. Changes to this policy

We reserve the right to modify this privacy policy at any time. In the event of a material change, we will notify you by notification in the application or by email at least 30 days before the changes take effect.

The date of the last update is indicated at the top of this page. We encourage you to review this policy regularly to stay informed about how we protect your data.

16. Contact us

For any question regarding this privacy policy or the protection of your personal data, contact us: